Posted by timothy on Friday August 08, 2014 @03:46PM from the blue-pill-that-stacks-neatly dept.

First time accepted submitter jarmund (2752233) writes "I first got a WRT54GL in 2007. Now, 7 years later, it's still churning along, despite only having one of its antennae left after an encounter with a toddler. As it is simply not up to date to today's standards (802.11N for example), what is a worthy successor? I enjoyed the freedom to choose the firmware myself (I've run Tomato on it since 2008), in addition to its robustness. A replacement will be considered second-rate unless it catered for the same freedom as its predecessor." Is there a canonical best household router nowadays?

It's funny; I was actually looking into a replacement for my WRT54G (using DD-WRT) last night. It's been great for a long time, but during the past couple months it periodically craps out and stops responding. Unfortunately, it seems like the only router that everyone can agree on being good is the WRT54G series itself.

But there's some good leads from this post. Brings me back to the days when Ask Slashdot was actually frequently useful or interesting.

I've been using an open-mesh access point for years. One of them recently went down after a freak thunderstorm, but it's been reliable and useful. I've been using an OM1P, but I see there's an updated version now. http://www.open-mesh.com/products/access-points.html

I have a Linksys E900 I've been running DD-WRT on for a while, and never had a lick of trouble with it until this week, when the WAN port fried thanks to a power surge (caused by some dumbass with a drill...).

That's the router I'd recommend, as it's 802.11n, has enough space in flash to support a pretty feature-rich build of DD-WRT, and can be had for less than $50.

Factory firmware is a lot more capable now than it was ten years ago, since the developers have been cribbing from DD-WRT, OpenWRT, and Tomato over the intervening time. Ten years ago, the stock firmware was much less capable than the hardware it was controlling; today, that's not nearly so much the case. However, if you want to, there's Shibby's tomato [groov.pl], or Merlin [lostrealm.ca], or even DD-WRT [dd-wrt.com] itself. All support popular modern routers.

Linksys hardware is crappy, unfortunately. Also, it is debatable if any hardware made by a US company can be trusted, especially since Linksys is a subsidiary of Cisco who are the NSA's bitch.

I recommend Buffalo. Their hardware is made for the Japanese market where symmetrical gigabit internet connections are not uncommon, and thus they are capable of routing close to 1000Mb/sec over the WAN interface. Massive overkill for western internet connections, but once you add in some filtering and traffic shaping you start to see why that kind of processing power and memory is needed.

Buffalo hardware is generally bulletproof and lasts. Some models come with DD-WRT pre-installed, many others fully support it. They are not too expensive either, and support all the latest stuff like 802.11ac and most importantly 5GHz.

Plus, decent sized onboard flash. Bought one of these for home (radios off, just wanted a router) and never looked back. Had work buy another and a bunch of USB serials on a USB hub as a console server, both running OpenWRT. Rock solid.

Also, it is debatable if any hardware made by a US company can be trusted, especially since Linksys is a subsidiary of Cisco who are the NSA's bitch.

It's more than just suspicion. What was it, about 2 years ago? Cisco changed the firmware on all of its consumer-level routers (including Linksys) so that you had to go online to Cisco (or Linksys) just to configure your router. And the products also came with a nice EULA, saying you agree that Cisco and Linksys could access any of the router's traffic, at any time, for any reason.

I'm using a Netgear WNDR3800 with the Gargoyle-branded version of OpenWrt. Works absolutely perfectly. It's an older model now, but I don't need AC support, and it's above average in CPU and memory for a router. Even under heavy usage it barely peaks over 20% capacity, and I've never noticed a single time where it has dropped my connection or needed to be reset at all in the past 4 years.

I have a Linksys E900 I've been running DD-WRT on for a while, and never had a lick of trouble with it until this week, when the WAN port fried thanks to a power surge (caused by some dumbass with a drill...).

That reminds me, one of the best things you can do for a home router is to put it behind a UPS. I put my father's Linksys wrt54g behind an old APC-300, it was up for over a year continuously afterwards, and only required a reboot when I had to move it around for some maintenance. Even a crappy $25 Belkin can be surprisingly stable when it has a nice clean power supply.

I've been very happy with my Asus RT-n66g or whatever it is. Good signal, stable, lots of advanced features, and plenty of aftermarket firmware options. Plus Asus is responsive on support and updates.
Went Comcast business class (slightly more expensive, but needed/wanted the prioritization and QoS standards, like same day service calls, etc.), got their Netgear business class modem (no built-in wifi whatsoever, and works fine in total bridge mode), hooked it up to the Asus, and off I went.
Only thing I nee

Well, I'll probably catch flak for this but I've been using Apple Airport Extreme for years now and they are very good products. I've now got a recent but not newest model (N not AC), always had one of the best signals in my neighborhood, and I'm only running 1/2 power. I am very impressed with the design and quality. I have every reason to like them... except one.

Unless something changes, I will never buy another Apple router. Why? Because they crippled the software.

Apple's Airport Utility (the router's setup and diagnostics software) was always very nice, despite the amount of automation. For example, if this setting was not compatible with that other setting, you can't choose it but that was done in an intelligent way, not capriciously. All the essentials were there in Airport Utility 5.6: upstream config, downstream config, security, guest network, channels (manual or auto), wide or narrow, ACL, NAT, proxy, IPv6, port mapping yada yada yada.

But Airport Utility 6.0 changed all that. Now it's all dumbed down. I guess dumb airhead customers don't have any need to look at logs or see who's connected for example. Meh.

But the router I now own is the latest one that is compatible with Airport Utility 5.6. Unless I can find software that is a hell of a lot closer to the hardware than Apple's latest Airport Utility, AFAIAC all that good design is wasted, because it's a product I don't want. And Apple is not very bright by chasing away loyal customers because it wants to "simplify" things too much. I've said this for years about apple: adding and even changing functionality are good if done for good reasons. But remove features, and you piss off your loyal customers. Which is a very bad idea.

Fixed-function devices are the only way to go - set it and forget it, man.

You don't have to hack them, you don't have to bother them. I've had mine for about 10 years now, to replace my old 1st-gen WRT54g, where I was doing stupid shit like trying to build an HTTP & media server into it, which was a conceptually flawed idea for a wireless-access-point.

You should never make devices more complicated than their physical requirements.

To a certain degree, he has a point - trying to shoehorn non-networking functions, like web and media serving, into a network device is kind of stupid - you're just going to end up wasting processing cycles on processes that don't have much-if-anything to do with routing.

Now, to say that a WAP should be a WAP and nothing else, ie no routing, firewall, or switching functions (other than what a WAP requires)? Sure, makes a lot of sense... if you're made of money. While you're at it, go buy one of those $10,000 firewall appliances too.

If you're like me, and you are not made of money, and/or you like hacking on stuff, there's nothing wrong with picking up a WRT router at a garage sale for 5 bucks and slapping a fairly feature-rich DD-WRT build on it, presuming you got a model with enough space and power to handle the functions you want to use.

If you use a PC as a router, though, you can do far more with that spare power. It can also be your DNS server, your home VPN server, SSH server, RADIUS server, firewall, Tor access point, FTP server, OpenID server, ... That extra power gives a lot of flexibility.

When asking around for my WRT54G, not once I got advice that the only router matching the stability is the Apple AirPort. They are more expensive, comparatively limited in function - but whatever traffic you throw at it, however long, just like the WRT54G, it simply handles it without outages.

I was also looking at the Asus RT-N66 series, the second top rated advice I got, but they still have stability problems if you overload them. And not all devices/revisions are compatible to to

When asking around for my WRT54G, not once I got advice that the only router matching the stability is the Apple AirPort.

Then you need to change the people you are asking or at least enlarge it to people beyond those whose biggest joy is hacking access points.

They are more expensive, comparatively limited in function - but whatever traffic you throw at it, however long, just like the WRT54G, it simply handles it without outages.

All true, and the kicker when using a recent airport versus an old WRT is that the airports are just better access points with more range than the WRT54GLs that they replaced in our household. While I had a lot of fun playing with DD-WRT & tomato & other firmware I got tired of low bandwidth in some parts of my home. I'd replaced the WRTs at a relative's house wi

Been pretty much absolutely rock solid for me. I've never had to reboot it for wifi issues and I use it with Macs, PCs XP, Vista, 7 and 8.1, androids, ios devices, even a windows phone, plus WiiU, a couple 3DS etc.

Not necessarily the best choice or anything, if I were buying a router today, I'd look for one that was well supported by OpenWRT, had the hardware characteristics I wanted (simultaneous dual band, RAM, etc) and good user reviews.

Apple routers are good if you don't mind the bare bones features. No quotas, no QoS, no route tables, no usage information. Just plain jane router. But the question here is a WRT54GS replacement, and that, Apple ain't.

I'm using an Asus RT-N12, which runs any of the DD-WRT (or DD-WRT-ish clones), and since it has 8MB of flash, it runs the "max" version of Shibby's version of Tomato. This version has everything but the kitchen sink, like OpenVPN, ipv6 support, including 4to6 tunnels. Since I'm on Cox, who doesn't seem to have any plan to roll out ipv6, it's the only way for me to use ipv6 currently. It also has vlan support, virtual "guest" wifi support, and believe it or not, even has Tor node support.. I had been using a venerable WRT54GL for the last 7 years or so, but really wanted the vlan/guest wifi support and of course, ipv6 thru a tunnelbroker tunnel, and there was no way to shoehorn that into the measly 4mb of flash on the WRT54GL.. I read a few reviews on the RT-N12, and was pleasantly surprised, so I found one on eBay for a nice price, and waited for it to arrive. It was at that point I discovered the fact there are two distinct "versions" of the RT-N12: one a flat white box with the two antennas, which only has 4mb of flash... and then there's the black wedge-shaped version, which has the 8mb of flash... Guess which one I bought on eBay.. So, now I have a spare router around in case I need something quick. I proceeded to order the right one from another vendor, and flashed Tomato, and am happy as a clam with it... The old WRT54GL is still running as a wifi bridge on an older version of Tomato, being used to provide a cabled connection to the wife's computer in the living room. Previously I'd had a PCI wifi card in the system, but wanted to get rid of that.. Now with the WRT54GL there, I can plug my laptop in on the desk also without using wifi...

Been looking for another router for almost a year now, and still haven't been convinced of a better one than my WRT54GL

The WRT54GL is a relic of an ancient time. Most importantly, it's a relic of a time without IPv4 address exhaustion, and without realistic demonstrations of DNS cache poisoning.

DD-WRT has support for 6in4 and 6to4, but not as much support for IPv6 over PPPoE or DHCP-PD or Sixxs.net AYIYA. I prefer OpenWRT, but I also prefer plain-text configuration via the command line, so I'm weird. OpenWRT officially dropped support for the WRT54GL in the last stable release, 12.09 from April 2013, and it didn't really work right in 10.03, either.

I've been generally pleased with routers based on the Atheros AR7161, but those are obsolete (only N300 and N600), and not that easy to find. Probably the most famous from that line is the Netgear WNDR3800, [openwrt.org] the target model for CeroWRT [bufferbloat.net] and the EFF Open Wireless Router. [openwireless.org] 680MHz MIPS24K, 16MB of flash, and 128MB of RAM are so luxurious after the 200MHz BMIPS3300, 16MB RAM, 4MB flash of the WRT54GL.

No one seems to take the other approach--raspberry pi with hostapd. You can do whatever you want with it then, including anything beyond simply routing and firewalling.

You can also do something you probably DON'T want to do with it, namely waiting for what seems an eternity while it reboots on those occasions when a reset is required or you have a brief power failure.

If someone were to come up with an ARM-based board with at least the capability of three or four NICs and a WiFi access, and could run a decent distro like Debian, even if it cost a couple of hundred bucks, I'd snap up three right now. I've built Linux-based routers/VPN appliances using Debian, iptables and OpenVPN, and I can't complain, but they still suck a lot of electricity, and quite frankly, are rather large. I have three Asus RT-N12 routers with TomatoOS on them, and they work great but I've never bee

It's not really fair to say it's no longer maintained. The official branch is dead, but there are 3 active developers. The developers just have no desire to try to merge to a common codebase, but they all heavily share code from each other.

There are 3 heavily maintained branches:
Toastman
Shibby
RAF

Any of these three are heavily maintained, and all 3 were recently patched for heartbleed. So yes, they're still active.

I run a number of RT-N66U's with Toastman and I've found it to be far more stabl

Yes, I love our Buffalo AirStation N600 WZR-HP-AG300H which has gigabit ports, dual-band wireless, and lots of RAM and flash so they'll be able to keep running newer firmware for a long time to come. They probably have newer variants by now. I've run the DD-WRT that came with them but they are supposed to work with OpenWRT too.

I've used a pair of them as a wireless bridge, using one dedicated band for that and allowing clients to use the other band so there is no interference when a wireless client a

Be careful with Buffalo, they have switched major components before with just a version number that sometimes didn't even appear on the box. There are versions of the same router that aren't supported by OpenWRT and DD-WRT because they swapped in a cheaper component that wasn't Linux compatible. People opened the box and found nasty surprises. I'd always wait a while after Buffalo releases a product then watch the reviews before you purchase to make sure they haven't pulled a WZR-HP-AG300NH again.

I say this as an owner of the router I quoted but I got lucky and got the right version but I was only a month away from being one of the people that got burned.

I picked up 2 Asus RT-N66U thinking that I could have a high speed WiFi bridge. Since this house is old it creates a lot of interference. WiFi at the router was 30+ Mbps... in one of the rooms, down to less than 5 Mbps.

The stock firmware is crap. You can't port-trigger multiple ports, only port forward ONE port.

I highly recommend Shibby's Tomato firmware which is up-to-date to see which routers it supports. http://tomato.groov.pl/ [groov.pl]

Try updating the firmware. Or switch to Merlin's f/w. Or switch to DD-WRT.
My RT-N66U is running like a champ. I'm getting better throughput on *everything* than I did with my old WRT54GL. I'm also running a 5GHz-only bridge to/with an EA-N66 in my living room.
Pricey? Yes, but I still feel I'm getting my money's worth.

The RT-N66U is the only one I'll use at work these days. Has about 1/3 more range than anything else I've tried, and it connects far, far better to some very old (802.11b) portable printers we use than anything else.. Factory firmware can be cranky, but there are other options, as you note.

I've got an RT-AC68U as my access point. Not as mature firmware wise, and hard to test to its full potential, but rock solid nonetheless.

ASUS can shut up and take my money.

Seconded in regards to the N66U. It's a fantastic router. I've been running Tomato Shibby for years (most recently v121) and it's been rock-solid, reliable, and stable.

There's only one downside: Tomato doesn't include the necessary kernel module for hardware accelerated WAN-to-LAN NAT/routing. This only matters if your downstream WAN bandwidth is greater than ~120Mbps. If your downstream bandwidth is less, the software routing can keep up and you'll run at full speed. If your downstream bandwidth is greater, you will be limited to ~120-130Mbps, as that's as fast as the N66U can route in software. LAN-to-LAN bandwidth will run entirely in hardware regardless of what firmware you have.

My ISP just upgraded me to a 250Mbps downstream link, so I reluctantly went back to the factory firmware to take advantage of the hardware acceleration. It's clunky and annoying compared to the elegance of the Tomato web interface, but it works. The Merlin firmware maintains the look-and-feel of the factory firmware, includes support for hardware acceleration, fixes a few bugs and adds a few features (but not as many as Tomato) that make it suck less.

The open source firmware does not run on the WRT1900ac yet as there are issues in the wireless drivers.

To the questioner though, I recommend 802.11ac over 802.11n. Myself I'm using ASUS RT-68Us for my network, good hardware and the stock firmware is actually pretty good but they support openwrt tomato and dd-wrt too. There is also a NETGEAR box that has better hardware and supports the open source firmware but apparently the stock firmware is pretty bad. However compared to WRT54-GLs these routers a

Having used a "Linksys by CISCO", or tried to anyway, I won't touch another Linksys product, unless paid VERY well to do so. (Incidentally, I now also consider CISCO to be shite, since they considered the aforementioned heap-o-feces to be good enough to put their name on it.)

Every time I've tried to figure out this question for myself, I've run into a maze of "router [foo 600] works but [foo 601] doesn't, unless you have [foo 601 revision 2, 3, or 5] with firmware version X but not firmware Y." If you just tell us a brand name or something, your post is fucking useless!

As an aside, you can generally expect a router to support things it does properly, at least you should be able to. Haven't seen too many routers certified as IPv6-ready (there's a comprehensive test suite out there by TAHI, it's not like it would be hard to verify) or even IPv6-capable, although a good number are both. So you can't trust the advertised capabilities as being either complete or correct.

There may also be hardware weirdness that means a feature won't work as expected whether with the regular firmware or a replacement.

Getting just the brand and revision is great, if you only want basic stuff. Which is most people. For freaks and geeks, we could use knowing if there's any really big, ugly omissions.

(I've done compatibility testing between network cards. It is unbelievable - or, at least, it should be unbelievable - how many network chipsets are defective. It's mostly obscure stuff, but bad silicon is expensive to fix, so you'd expect halfway decent testing. It just means all routers will do weird shit, so it's handy to know if it's weird shit that's likely to be a problem.)

I use Mikrotiks for just about everything nowadays. I haven't really found any situation that it couldn't do the function I required, even when it was something as complex as L7 regexing on a URL to force specific requests into a different priority queue.

Sorry, but I'd have to downvote the Mikrotik -- at least the RB751G-2HnD and RB951G-2HnD. I bought the 751 for my small place (~130 m^2) and it was DOA out of the box, with the "all LEDs flashing" symptom described here [mikrotik.com]. (Apparently this problem was somewhat widespread.) Contacted MT support, and was instructed to return the unit as DOA even though I eventually got it working with a different power brick.

The US distributor [streakwave.com] from which I got both of those MT boxes said that their normal return policy would re

I agree with you there. I have a Mikrotik router and while routeros is very powerful there can be a steep learning curve. I have a lot of complex QoS rules which it seems to handle well so my online backup software does not impact any other traffic. I also use a lot of its other features such as DHCP relaying between various subnets and some complex port forwarding rules and traffic shaping. Most consumer oriented routers also can't do BGP and MPLS either.

I really love my WRT54GL running Toastman Tomato. "It just works"- it is rock solid and does what I want. Sure it is not super fast, but for regular stuff it is fine. I liked it so much I installed dozens of them at work and directed my friends and family to use them also.

I need to knock on wood... not a SINGLE one has failed or had problems. They stay up "forever" without hanging or needed to be reset, even after seeing tons of various devices connected. Plus they were dirt cheap and have real antenna

I've moved over to a Mikrotik RB2011 series device and I have to say I'm loving it.
Has all the features I need, and even though the hardware is 3 years old at this stage, it's still a lot faster than the older WRT devices. Interface and command line are a little whacky, and hard to get used to, but once you do, you'll never go back.
http://routerboard.com/RB2011U... [routerboard.com]

I completely agree. Get a Mikrotik device of some kind. They are reliable, Swiss-army-knife-flexible, cheap, robust and have a huge range of devices to choose from. You can even assemble your own configuration from parts if you want to. The Winbox config utility is fantastic and works just fine with Wine in Linux. They are now coming out with models that have 802.11ac too.
I use Mikrotiks with ADSL2+ modems (like the Draytek Vigor 120) in RFC-1422 bridged mode but they will work fine with cable modems, W

1. Pick your favorite firmware
2. Check the lists to see which routers are supported
3. Check forums and reviews on the equipment, with the firmware in question (many perform better with dd-wrt than stock)
4. Make your choice

I have long advocated for separating everything - the cable modem / DSL modem should JUST be an interface to the upstream provider, with no NAT and DEFINITELY with no wireless. See the issues with Xfinity and other providers who are now piggybacking their "free" Wifi on customers' connections - I bet it'll be shown in the near future that the already existing NAT table size issues, which already cause many consumer devices to be problematic, are being exacerbated by trying to maintain state entries for the "free" wireless, too.

So you have a cable / DSL modem which is in bridge mode. Then you have some sort of NAT device. If you like running your own OS, a Raspberry Pi or some other tiny StrongARM device is cheap and can run whatever GNU/Linux or BSD you like. Heck, you can even still use your WRT54GL if the CPU in it isn't limiting the speed of your upstream connection.

Then, you have your wireless device. Again, I strongly recommend something that just does bridging - you have the simplest setup because you're not using the wireless device for NAT or any other "features". With all the stories about consumer devices having poor security and intentional back doors, the less exposure, the better. Personally, I pay extra for Apple because the 802.11ac Airport Extreme does wonders with existing 802.11n clients.

The great thing about this is that you can have as many segments as you want without needing a switch which does VLANs. You can plug two USB-ethernets into a Raspberry Pi, for instance, and keep your wireless and wired networks on completely different segments. Or three, and you can have your old device provide a completely separate guest network.

The best thing about this setup is that if one device fails or is shown to be insecure and the manufacturers won't fix it, you can just replace that one device.

I very recently replaced my faithful WRT54G with an ASUS RT-AC68U router. Over several weeks, it has never had an issue. I am running a mix of 802.11ac/g/n clients. Range and performance are fine. I live in an apartment with a very crowded 2.4GHz band and it still blasts through fine. The 5GHz band isn't as crowded and is great for the N and AC clients--wish the Chromecast had support for N on 5GHz. And if you want a slightly-tweaked custom firmware, a hobbyist developer maintains the Merlin firmware that is widely admired and used.

I would have to second this: The ASUS RT-N16 (or even the Asus RT-N66) is the 802.11N successor

If you're looking for the latest tech (802.11AC), I would say the go-to would probably be the Asus RT-AC66U or Asus RT-AC68U (or for internal antennae, the Asus RT-AC56U) with the close runner up being the Netgear AC1900

As you can see, Asus has really taken hold of the "open source router" market (you can install Tomato/DD-WRT on these), much as the WRT-54G did back in the day.

I abandoned the toy routers a while ago, bought a used Firebox X700 on eBay for dirt and installed pfSense. Is it fast enough to route a 10,000Base T internet II connection? Nope, but it's fast enough for anything that Comcast can throw at it, plus there is a metric buttload of add-ons plus you get epic street cred with your digital posse.

I have an Asus RT-N66W (same as N66U, only white). The latest stock firmware is decent, and if you don't like it you can install a host of others. Asus develops the firmware as GPL, and is friendly to outside developers. I believe DD-WRT runs well on it, but I haven't tried, the stock firmware does what I need.

Support you on this, except I think Shibby's Tomato firmware is the best.

I've had a number of WRT-54G's, some struck by lightning, some still working. They are great, but can no longer handle the 60 MB/s download I get from my ISP, and the gigabit connections all devices have.

Please avoid any brands that have the NSA/DHS taint, which is pretty much any US company.

For a company headquarters job I did recently we looked at a bunch of options, and went with a dozen WNDR3800 [amazon.com] refurbs for about $50 a piece. Running OpenWRT with luci-ssl and wpad (not mini, for WPA2) installed on them.

Great for doing multiple SSID's over VLAN's back to the routers/firewalls for handling. After doing another job with a "big company brand" central controller and "dumb" AP's, I'd go the OpenWRT route again in a heartbeat. You waste a few hours configuring a dozen instead of a few weeks debugging a nasty, buggy, proprietary deployment.

There wasn't a huge budget so instead of buying twelve new ones we went with 16 refurbs. The 4 spares are still on the shelf a year later, knock on RSSI.

This model has a lot of users, projects like CeroWRT have chosen it as a target, and the OpenWRT wiki has it very well documented (port numbers, VLAN setup, etc.) Even a real power switch (next to the integrated gigabit switch) and a USB port. What it doesn't have is external connectors for big antennas, so if you need to do long-haul, either solder them on or look elsewhere.

N-range is not good on any compliant hardware, so for a typical house I just get two of these and give them the same SSID's on different channels and then there's great signal everywhere. The OpenWRT wiki's HOWTO on deploying a Guest SSID works well (I've done those for neighbors) but given the option I prefer to send the traffic back over a VLAN to a pfSense firewall and handle it there instead. That's fine for commercial but makes less sense in a typical residential install.

I've been running the R6300 for a year, initially with OpenWRT, and now I'm back to stock firmware.
It works, but I wouldn't say it's living up to expectations given its high price. It could not use a Mac OS Extended formatted harddrive for NAS and share via AFP. OpenWRT installation was a mess, and I had to unbrick it by hooking up a USB/serial interface to its internal ports. OpenWRT support is limited to the builds created by some individuals, and I was unable to upgrade it to the latest version. T

It's a little on the spendy side, but the Soekris [soekris.com] net6501s are fairly small and reliable. They have a proper RS-232 serial port console too. Standard x86 CPUs. The 6501 will boot both 64bit and 32bit kernels (even though the Intel Atom E6XX line only officially supports 32bit).

Virtual machine running GNS3 with the Cisco IOS 12.x mainline code for a 7206VXR. Then just setup bridging and add the IP for the gns3 node as your default GW. All done with one NIC. Enterprise grade router running on your desktop. With modern multicore CPUs it runs great and has all the features you'd ever need (eg Zone Based Policy Firewall, QoS, ACL, policy routing and it can even function as an SBC running CUBE code).

A virtual machine is definitely the way to go. Paying $150 for a hideously under-powered computer, which you then struggle to find a new firmware for (because what came with it is garbage), trying to find one with the features you need that fits in the device's tiny memory, a chore which isn't made easier by the firmware authors because they just upload several dozen versions, all with little two-letter codes to specify which features they have, but with no key to the two-letter codes anywhere to be found

I've kept my old Buffalo running Tomato. It's fine as a router. I like the loopback functionality. I have everything set up fine and don't want to change.

But frankly its WIFI was bad. It apparently couldn't cope with the way that modern devices communicate over wifi. Its wifi would get stuck every few days and require a reboot. It's not fast. Its range isn't good.

I just bought an Apple Airport Extreme. Disclaimer is that I work at Microsoft, and joined the company because I'm a Microsoft fanboy. But I bought the Apple base station solely in wifi mode, and it got extra range, and it doesn't crap out as much, and I'm delighted with it. It took an hour to set up (the setup software didn't work on my MBA so I had to install Airport Utilities onto my Windows notebook). But since then it's been running fine without worry.

I didn't read all of the comments, so if someone already mentioned it, sorry. The R-7000 can run Tomato as well as DD-WRT if you prefer. It is an AC router which with the Netgear firmware, you can turn into an AP only. It is a HUGE behemoth, has three HUGE antennas and will take up a pretty good amount of space compared to other offerings. That said, it has awesome coverage and speed. They aren't cheap, around $200 (less if you do a little shopping around). I have had mine for about a month and it hasn't had any issues.

The original WRT54GL had a cult following, but in perspective was a pretty poor OSS router. The wifi driver was binary and heavily tied to Broadcom's kernel tree. It was a start however.

Nowadays we have OpenWRT which IMO is the pinnacle of SOHO router software - up to date kernel, upstream OSS drivers, and a kickass config system, all contained in ~6MB firmware file.

Now to answer the question - you want to stick to Atheros/Qualcomm-Atheros chips and make sure the router is supported by OpenWRT. If you have those 2 things, you absolutely can't go wrong.

My suggestion is most TP-Link stuff (except for the newer Archer C-series, it's just not ready yet), or the Atheros-based Netgear stuff (WNDR3700v2 or 3800 if you can still get them). Stay the f*** away from Linksys and D-Link, Asus seems to be nice but they keep using Broadcom chips which are extremely poor for OSS software.

Except their primary response to that seemed to be purely based on price. Most of us are not looking for the cheapest 100% compatible dd-wrt router.
Then the second choice is just the old solid 54G. Then a few middling OK routers. Then a few on the really expensive side.

Seconding Ubiquiti gear. I use these (not your specific models, but I love their nanostations) and they simply don't die. Literally months of uptime without a glitch, and even after a power outage, they pick right back up doing their job without human intervention.

And range? I've used a pair of bridged nanostations, without any external antenna (they come with a built-in 120 degree sector), to cross slightly over a mile (with line of sight) pushing full speed without even breaking a sweat.